Versio.io

CVE-2012-0871

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 18-04-2014 04:55
Last modified: - 28-01-2022 08:16
Total changes: - 2

Description

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:N/I:C/A:C
Low
Attack complexity
Local
Attack vector
High
Availability
None
Confidentiality
High
Integrity
-
Privileges required
-
Scope
-
User interaction
6.3
Base score
3.4
9.2
Exploitability score
Impact score
 

Verification logic

OR
vendor=systemd_project AND product=systemd AND version=31
vendor=systemd_project AND product=systemd AND version=30
vendor=systemd_project AND product=systemd AND version=29
vendor=systemd_project AND product=systemd AND version=28
vendor=systemd_project AND product=systemd AND version=14
vendor=systemd_project AND product=systemd AND version=13
vendor=systemd_project AND product=systemd AND version=12
vendor=systemd_project AND product=systemd AND version=11
vendor=opensuse AND product=opensuse AND version=12.1
vendor=systemd_project AND product=systemd AND versionEndIncluding=037
vendor=systemd_project AND product=systemd AND version=36
vendor=systemd_project AND product=systemd AND version=23
vendor=systemd_project AND product=systemd AND version=22
vendor=systemd_project AND product=systemd AND version=21
vendor=systemd_project AND product=systemd AND version=20
vendor=systemd_project AND product=systemd AND version=19
vendor=systemd_project AND product=systemd AND version=6
vendor=systemd_project AND product=systemd AND version=5
vendor=systemd_project AND product=systemd AND version=4
vendor=systemd_project AND product=systemd AND version=3
vendor=systemd_project AND product=systemd AND version=34
vendor=systemd_project AND product=systemd AND version=32
vendor=systemd_project AND product=systemd AND version=27
vendor=systemd_project AND product=systemd AND version=25
vendor=systemd_project AND product=systemd AND version=18
vendor=systemd_project AND product=systemd AND version=16
vendor=systemd_project AND product=systemd AND version=9
vendor=systemd_project AND product=systemd AND version=7
vendor=systemd_project AND product=systemd AND version=2
vendor=systemd_project AND product=systemd AND version=35
vendor=systemd_project AND product=systemd AND version=33
vendor=systemd_project AND product=systemd AND version=26
vendor=systemd_project AND product=systemd AND version=24
vendor=systemd_project AND product=systemd AND version=17
vendor=systemd_project AND product=systemd AND version=15
vendor=systemd_project AND product=systemd AND version=10
vendor=systemd_project AND product=systemd AND version=8
vendor=systemd_project AND product=systemd AND version=1
 

Reference

 


Keywords

NVD

 

CVE-2012-0871

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.